CLAIMS 

Kindly amend the claims as follows. 
1-28. (canceled) 

29. (presently amended) A method for the secure initialization of mobile data carriers (IM) within 
the frame of an authorization system (A) \\ ith application specific or system - specific initialization data , 

wherein said initialization data (DI, A-I, I-I) are generated in an authorization process in a secure 
environment (g) at a remote authorization authority (HA) by means of authorization means (AM) 

salt! iniliali/ation data (PI) comprisiniz authorization information (A-l) and initiali/alion inlbrmalion 
(1-1). being application-specillc or svstem-speciCiC and bein!;! used lo initialize a new data carrier, a new 
application (App3) or an extension of an application (App2.2). 

and said initialization data are sent over a network (N) in a secure communication according to security 
rules corresponding to the authorization system 

to a decentralized authorized read and write station (A-WR) in an unsecured environment (u), 
where the mobile data carriers (IM) are initialized (IMj) with the initialization data (DI) 

and/or that the initialization data (DI) arc sent over the network (N) to a dcccntTalizcd read and write 

station (W'R). by menn:^ ofwhich t h e road and write station is in i tialized (WRk) to put into operation 
new data carr i ers, new applications of extension of applicat i ons . 



30. (canceled) 



3 1 . (previously presented) 
(AM) are consisting of special 
(AM-1). 



The method according to claim 29, wherein the authorization means 
authorization identification media (AM-IM) or of authorization data 



32-37. (canceled) 

38. (previously presented) The method according to claim 29, wherein with the initialization data 
(DI2.2) application extensions (App2.2) are initialized. 

39. (previously presented) The method according to claim 29, wherein with the initialization data 
(D13) new independent applications (App3) are initialized. 

40. (previously presented) The method according to claim 29, wherein in a blank mobile data 
carrier which is prepared with a system data field (CDF) applications (App) are newly initialized with 
the initialization data (DI). 

41. (canceled) 

42. . (previously presented) The method according to claim 29, wherein a connection between the 
authorization authority (HA) and the decentralized read and write stations (A-WR, WR) over the 
network (N) is only made occasionally and when an exchange of data takes place. 

43. (previously presented) The method according to claim 29, wherein for the initialization a user 

authorization (aw) is effected by the read and write station (A-WR, WR), or by its owner (12) or an 
identification authorization means (ID-AM) is required. 

44. (previously presented) The method according to claim 29, wherein for an initialization a user 
authorization (ai) by the data carrieror by the owner (13) of the data carrier takes place. 

45. (previously presented) The method according to claim 29, wherein for the authorization of 
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initializations over the network (N), as well as for the execution of applications at the read and write 
station (A- WR, WR), at the data carrier (IM) personal data (aw) of the owner of the read and write 
station or personal data (ai) of the owner of the data carrier, are used as authorization means. 

46. (previously presented) The method according to claim 29, wherein the mobile data carriers 
(IM) comprise an application micro-processor (AppuP) for the processing of application program data 
(i-l-Cod). 

47. (previously presented) The method according to claim 29, wherein the data carriers (IM) are 
designed as contact-less, active or passive identification media. 

48. (canceled) 

49. (previously presented) The method according to claim 29, wherein status informations (S-1) 
concerning events at the authorized, or at the decentralized read and write stations (A-WR, WR) and/or 
at the mobile data carriers (IM) are sent to a corresponding authorization authority (HA) over the 
network (N). 

50. (previously presented) The method according to claim 49, wherein the status informations (S-I) 
are utilized for usage or license fee debiting. 

51-56. (canceled) 

57. (presently amended) A mobile data carrier (IMj) for the communication with assigned 
decentralized read and write stations (WR, WRk) 

within the frame of an authorization system (A), said mobile data carrier comprising 

npp l icnt i on - spcciHc or system - specific initialization data (Dl. A - l. M) (PI), comprising authorization 
informaiion (A-I) and initialization inFormalion (1-1). 
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to put into operation now data CQ i ricrG, new applications or extension of applicQtions 

which are applicaiion-specillc or svstem-spcciflc and which are used to initialize the mobile data 
carrier (\M\Y a new application (App3) or an extension of an application (App2.2y 

wherein said initialization data (DI, A-I, I-I) were generated in an authorization process in a secure 
environment (g) at a remote authorization authority (HA) by means of authorization means (AM) 

and said initialization data were sent over a network (N) in a secure communication according to 
security rules corresponding to the authorization system (A) 

to a decentralized authorized read and write station (A-WR) in an unsecured environment (u) 

and where the mobile data carrier was initialized (IMj) with said initialization data by said 
decentralized authorized read and write station (A-WR). 

58. (presently amended) A read and write station (WRk) for the communication with assigned 
mobile data carriers (IM, IMj) within the frame of an authorization system (A), said read and write 
station comprising 

appl i ootion - rspcoino or Lvystcni - spcc i flc initialization data (D\. A - (. I - I) (Dl) comprising aul]^ori^ation 
informalion (A-1) and initialization information (1-1) to put into operation new applications or 
extension of appl i cations , 

which arc application-specific or svsiem-speciFic and which are used to initialize a new application 
fAppj) or an extension of an application fApp2.2V 



wherein said initialization data (DI, A-I, M) were generated in an authorization process in a secure 
environment (g) at a remote authorization authority (HA) by means of authorization means (AM) 

and said initialization data were sent over a network (N) in a secure communication according to 
security rules corresponding to the authorization system (A) 

to a decentralized read and write station (WR) in an unsecured cnvironmeni (u) 

by means of which said decentralized read and write station is initialized (WRk). 

59. (presently amended) A method for the secure initialization of decentralized read and write 
stations (WR) within the frame of an authorization system (A) with application - spccitlc or system ■ 
specific i n i i i alizaiion data , 

wherein sttitl-initialization data (Dl. A - K Mj (D\) and comprisin<r authorization information (A-i) and 
iniliolizaiion information (i-l) are generated in an authorization process in a secure environment (g) at a 
remote authorization authority (HA) by means of authorization means (AM) 

said initialization data (Dl. A-l. M) being application-specific or svstem-specific and being used to 
initialize a new application f App3) or an extension of an application f App2.2\ 

and said initialization data are sent over a network (N) in a secure communication according to security 
rules corresponding to the authorization system 

to a decentralized read and write station (WR) in an unsecured environment (u). by means of which 
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said decentralized read and write station is initialized (WRk) , to put into operation new app l ications or 
cMon:3ion orapplioutionii . 

60. (previously presented) The method according to claim 59, wherein the authorization means 
(AM) are consisting of special authorization identification media (AM-IM) or of authorization data 
(AM-I). 

61. (previously presented) The method according to claim 59, wherein a (non-authorized) 
decentralized read and write station (WR) at first is transformed into an authorized read and write 
station (A-WR) by means of function authorization data (A-l-FA) which are contained in the 
initialization data (DI), and which subsequently is capable of initializing mobile data carriers (IM) in 
correspondence with the initialization data. 

62 (previously presented) The method according to claim 59, wherein a connection between the 
authorization authority (HA) and the decentralized read and write stations (A-WR, WR) over the 
network (N) is only made occasionally and when an exchange of data takes place. 

63. (previously presented) The method according to claim 59, wherein for the initialization a user 
authorization (aw) is effected by the read and write station (A-WR, WR), or by its owner (12) or an 
identification authorization means (ID-AM) is required. 

64. (previously presented) The method according to claim 59, wherein for the authorization of 
initializations over the network (N), as well as for the execution of applications at the read and write 
station (A-WR, WR), at the data carrier (IM) personal data (aw) of the owner of the read and write 
station or personal data (ai) of the owner of the data carrier, are used as authorization means, 

65. (previously presented) The method according to claim 59, wherein the data carriers (IM) are 
designed as contact-less, active or passive identification media. 

66. (previously presented) The method according to claim 59, wherein status informations (S-I) 
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concerning events at the authorized, or at the decentralized read and write stations (A-WR, WR) and/or 
at the mobile data carriers (IM) are sent to a corresponding authorization authority (HA) over the 
network (N). 

67. (previously presented) The method according to claim 66, wherein the status informations (S-I) 
are utilized for usage or license fee debiting. 



